A vulnerability was found in openBI up to 1.0.8 and classified as critical. This issue affects the function
dlfile
of the file /application/websocket/controller/Setting.php. The manipulation of the argument phpPath leads to os command injection.
The identification of this vulnerability is CVE-2024-1115. The attack may be initiated remotely. Furthermore, there is an exploit available.